Transaction card system having security against unauthorized usage

ABSTRACT

A system having a host having information regarding at least one transaction card account. The host functions to transfer card data to a drone card carried within the host. The host includes a biometric sensor or other suitable identification means for authentication of the user prior to use of the drone card. Once the user is authenticated, the drone card provides a readable identifier that corresponds to a transaction card account selected by the user. The functions of host could alternatively be integrated into the drone card.

PRIORITY CLAIM

[0001] This application claims priority to Provisional Application No.60/333035, filed Nov. 19, 2001, which is hereby incorporated byreference.

BACKGROUND OF THE INVENTION

[0002] The present invention relates generally to the art of transactioncards. More particularly, the invention relates to an improvedtransaction card system having security features for preventingunauthorized usage.

[0003] Transaction cards, such as credit cards, debit cards, accesscards and the like, have gained widespread use. While transaction cardsprovide convenience for users, fraudulent use is also prevalent.Fraudulent use may occur through postal theft, counterfeiting andthrough stolen cards. It is believed that credit card companies sufferlosses due to fraud each year in the hundreds of millions of dollars.These losses must ultimately be borne by the consumer in the form ofhigher prices.

[0004] While there have been attempts to prevent fraudulent use oftransaction cards, a further need exists for a novel transaction cardsystem.

SUMMARY OF THE INVENTION

[0005] The present invention recognizes and addresses various drawbacksof prior art constructions and methods. Accordingly, it is an object ofthe present invention to provide an improved transaction card systemhaving security features for preventing unauthorized usage.

[0006] The present invention provides a system having a host havinginformation regarding at least one transaction card account. The hostfunctions to transfer card data to a drone card carried within the host.The host includes a biometric sensor or other suitable identificationmeans for authentication of the user prior to use of the drone card.Once the user is authenticated, the drone card provides a readableidentifier that corresponds to a transaction card account selected bythe user. It should be understood by one of ordinary skill in the artthat the functions of host could alternatively be integrated into thedrone card.

[0007] Other objects, features and aspects of the present invention areachieved by various combinations and subcombinations of the disclosedelements, which are discussed in greater detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

[0008] A full and enabling disclosure of the present invention,including the best mode thereof, to one of ordinary skill in the art, isset forth more particularly in the remainder of the specification,including reference to the accompanying drawings, in which:

[0009]FIG. 1A is a front perspective view of a host and inserted dronecard with the host having a portion partially cut away to reveal variousinternal components therein according to an embodiment of the presentinvention;

[0010]FIG. 1B is a perspective view of the host and drone card of FIG.1A showing removal of the drone card from the host;

[0011]FIG. 1C is a side view of the host along line 1C-1C of FIG. 1A;

[0012]FIG. 1D is a cross sectional view of a portion of the host alongline 1D-1D of FIG. 1A;

[0013]FIG. 2 is a diagrammatic representation of the various functionalcomponents of the host of FIGS. 1A-C;

[0014]FIG. 3A is a front view of a drone card such as may be used withthe host of FIGS. 1A-C;

[0015]FIG. 3B is a rear view of the drone card of FIG. 3A;

[0016]FIG. 4 is a diagrammatic representation of the various functionalcomponents of the drone card of FIGS. 3A and 3B;

[0017]FIG. 5 is a diagrammatic representation of an enroller interfacingwith a host according to an embodiment of the present invention;

[0018]FIG. 6 is a flow chart illustrating the authentication process;

[0019]FIG. 7 is a perspective view of a drone card being scanned by acredit card reader of the type currently in widespread use;

[0020]FIG. 8 is a table showing transaction attempts for a drone card;

[0021]FIG. 9A is a front view of an encoded card according to analternative embodiment;

[0022]FIG. 9B is a rear view of the encoded card of FIG. 9A;

[0023]FIG. 9C is a cross sectional view of a portion of the card alongline 9C-9C of FIG. 9A;

[0024]FIG. 10 is a perspective view of an enroller according to analternative embodiment;

[0025]FIG. 11 is a perspective view of the enroller of FIG. 10 receivedwithin the host; and

[0026]FIG. 12 is a flow chart showing the enrollment process accordingto the embodiment of FIGS. 10 and 11.

[0027] Repeat use of reference characters in the present specificationand drawings is intended to represent same or analogous features orelements of the invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

[0028] Reference is made in detail to presently preferred embodiments ofthe invention, one or more examples of which are illustrated in theaccompanying drawings. Each example is provided by way of explanation ofthe invention, not limitation of the invention. In fact, it will beapparent to those skilled in the art that modifications and variationscan by made in the present invention without departing from the scope orspirit thereof. For example, features illustrated or described as partof one embodiment may be used on another embodiment to yield a stillfurther embodiment.

[0029] In one embodiment, the present invention provides a host thathouses information regarding one or more card accounts. A card accountincludes but is not limited to credit cards, debit cards, library cards,social security cards, Medicare cards, phone cards, access cards,discount cards, and any other card containing identification informationrelating to a specific person or group. A drone card carried within thehost can be configured to correspond to a card account. Often, the hostmay be configured to allow the user to select a particular card accountfrom among several. An enroller operates to program informationregarding various card accounts on the host for individual or groupusage.

[0030] Once initialized by the enroller, the host contains userinformation required for authentication as well as data relating to thecard accounts. To use a specific card account stored on the host, theuser is first authenticated using the host's authentication sensor. Uponselecting the desired card account, the host uploads data relating tothe selected card account onto the drone card. The drone card maycontain an output circuit that generates a readable identifier (i.e.magnetic signal, bar code, etc.) corresponding to the selected cardaccount. Unless the drone card is used within a certain time period, itwill preferably become disabled and need additional authentication to beused. Likewise, the drone card may become disabled upon completion of atransaction.

[0031]FIGS. 1A, 1B and 1C illustrate a host 10 carrying a drone card 100in accordance with the present invention. Host 10 has a front face 12and slot 14 for receiving drone card 100. Preferably, host 10 is formedfrom a relatively rigid material and is no thicker than required toreceive drone card 100 and house the requisite electronics. Often, host10 will have a thickness no greater than about three times that of astandard credit card. While slot 14 is shown on a short side of host 10,it should be understood that slot 14 could be located along any side ofhost 10. For example, it may be desirable in some cases to locate slot10 along a long edge of host 10 in order to make drone card 100 moreeasily removable by either left or right handed people. A cut-outportion 16 proximate to slot 14 allows access to drone card 100 by auser's finger to facilitate its removal from host 10. Host 10 could alsobe integrated into other electronic devices, such as cellular phones orPersonal Digital Assistants (PDAs).

[0032] The interior of host 10 may contain an appropriate anti-tamperingmechanism to prevent someone from attempting to obtain the accountinformation stored in the host. For example, the illustrated embodimentof host 10 includes a fine mesh 18 of wires just below its surface. Thewires of mesh 18 may be serially connected so that any break in the meshwill remove all data stored in host 10. It will be appreciated thatattempts to open host 10 will result in mesh breakage.

[0033] Host 10 preferably contains an integrally mounted authenticationsensor 20 for validating the identification of the user. Authenticationsensor 20 is preferably a suitable biometric sensor, such as afingerprint sensor. One fingerprint sensor that may be used for thispurpose is known as FINGERLOC™ and is sold by AuthenTec, Inc. ofMelbourne, Fla. It should be understood that authentication sensor 20could be any other suitable means for validating the identification ofthe user, such as a personal identification number (PIN) keypad.

[0034] In the illustrated embodiment, host 10 contains a display 30 thatallows a user to view information relating to various card accountsstored on host 10. While display 30 is preferably a character liquidcrystal display (“LCD”), any other suitable display could be used.Methods for driving a LCD with particular characters are known in theart.

[0035] A scroll button 40 mounted on front face 12 of host 10 allows theuser to scroll through the names of the various card accounts stored onhost 10 to which the user has access. As the user scrolls through thenames of the card accounts, each can be shown on display 30. Once theuser determines a specific card account to be used, the enter button 50is used to select the desired card account. Information correspondingwith the selected card account is then uploaded along with a securitycode to drone card 100 as discussed in detail below. Informationregarding a particular card account can also be viewed on display 30 byselecting display button 60. It should be appreciated that displayscroll button 40, enter button 50 and display button 60 could be formedas a slide switch or other user input device.

[0036] Host 10 contains an interface 70 for downloading user data fromenroller 200 (FIG. 5) and uploading card data to drone card 100. Carddata includes data corresponding to a specific card account while userdata contains information required to validate the user, such as afingerprint image, and card data for each card account associated withthe user. In light of the numerous devices and techniques for exchangingdata, the interface could be implemented in a variety of ways, such asusing electrical contacts, infrared communications or lasercommunications. If only a single card account is intended to betransferred to drone card 100, host 10 could permanently write accountdata on drone card 100. With respect to an electric contact interface,host 10 contains internal electric contacts 72 capable of interfacingwith electric contacts on enroller 200 and drone card 100. Enroller 200preferably contains a card-like connector that can inserted into slot 14for providing the necessary data to host 10.

[0037] Referring now to FIG. 2, host 10 has an internal microprocessor80 in electrical communication with on-board memory 82. Memory 82, whichis preferably a suitable EEPROM, functions to store card data, user dataand security codes (which will be described more fully below). A powersource 90, preferably a battery, provides electrical power tomicroprocessor 80 and memory 82. Preferably an ultra-thin battery willbe utilized for this purpose, such as the batteries sold by Power PaperLtd. of Kibbutz Einat, Israel. Power source 90 may be rechargeable andreceive supplemental charging using solar cell 92. An optional indicatorlight (not shown) may also indicate when the battery is low on power.

[0038] Means may be optionally provided to magnify or amplify theambient light available for solar cell 92. For example, in oneembodiment an optical prism 93 may be molded into front face 12 of host10 so as to overlie solar cell 92 as shown in FIG. 1D. The configurationand selection of the appropriate light amplifier should be understood byone of ordinary skill in the art. In order to increase battery life,microprocessor 80 preferably remains in “sleep” mode until activated byauthentication sensor 20 or scroll button 40. The term “sleep” modemeans a low-power state maintained by the microprocessor untilinterrupted by input.

[0039] Authentication sensor 20, scroll button 40, enter button 50, anddisplay button 60 provide input data to microprocessor 80. Interface 70also provides input data to microprocessor 80 as well as receivingoutput data. Microprocessor 80 functions responsively to input data.

[0040] Microprocessor 80 responds to the input data from authenticationsensor 20 by comparing the input data with the user data stored inmemory 82 to determine whether the input data represents a valid user.Multiple users may be associated with a host; consequently, the userdata for the host may correspond to more than one person. For example,if authentication sensor 20 were a fingerprint sensor, the fingerprintsfor each person associated with host 10 would provide access to selectedcard accounts stored on host 10.

[0041] Referring to FIG. 6, the first step in authenticating a user isto read the user input data from authentication sensor 20, such as byscanning the user's fingerprint. Next, the host will compare the datascanned by authentication sensor 20 with user data stored in the memoryof the host. If the scanned data does not match the user data stored inmemory, the user will not be allowed access to card accounts.Alternatively, if the scanned data matches the user data stored inmemory, the user will be provided access to all card accounts to whichthat user has access.

[0042] Not every user associated with the host can necessarily accesseach card account stored on the host. The host can provide multiplelevels of security to restrict certain users from gaining access tocertain card accounts. For example, consider a host containing afingerprint sensor for its authentication sensor that has card datastored in memory for “Card A” (e.g. VISA) and “Card B” (e.g. AmericanExpress) along with user data for “User A” and “User B.” Therefore, both“User A” and “User B” can activate the host using their fingerprints.Based upon the user data in this example, “User A” is associated withand can access “Card A,” but not “Card B.” When “User A” scrolls throughthe available cards on the host, only “Card A” is displayed. The userdata, however, associates “User B” with both “Card A” and “Card B”. As aresult, “User B” can view and use both “Card A” and “Card B.”

[0043] Upon authentication, microprocessor 80 responds to the input fromscroll button 40 by driving display 30 with the identification of thenext card account in the user data associated with the user. Bycontinuing to select the scroll button, the user could review the entirelist of card accounts stored on host 10 to which the user has access. Inresponse to the input from display button 60, microprocessor 80 displaysthe card data (e.g. account number) for the selected card account inconjunction with a security code. Microprocessor 80 responds to theinput from enter button 50 by uploading card data in conjunction with asecurity code to drone card 100 via interface 70. Optionally, drone card100 could have memory containing card data so that only the securitycode is uploaded to drone card 100.

[0044] A security code is a unique code associated with a card accountand transaction. Although the card account remains constant, thesecurity code is typically different for each transaction. If someoneattempts to reuse a security code, the transaction will be denied asunauthorized. For example, if the selected card account is a telephonecard, the telephone company will not authorize charges unless both thecard account number and the expected security code is provided. If athird party intercepts the card number and a prior security code forlater use, the telephone company will deny the charges. Thisauthorization process is illustrated in the table of FIG. 8.

[0045] The security code is preferably a 4-digit alphanumeric codegenerated based upon an algorithm residing on the host. For example, thesecurity code could randomly change based upon an internal clockresiding on host 10. The security code could change during a certaintime interval, such as 20 seconds, to provide for increased security.The central computer that validates the security code would besynchronized with the host to recognize the security code.Alternatively, multiple security codes could be stored in the memory ofthe host. In order to validate the security code, the reader performingthe transaction provides the current security code to the centralcomputer of the issuing entity, which then checks for a match with theexpected code. This computer is programmed to expect a particularsecurity code in the next transaction to be performed.

[0046] As can be seen in FIGS. 3A and 3B, drone card 100 preferably hasa similar size and thickness of a standard credit card. Unlike a creditcard that contains an account number visible to anyone viewing thecredit card, however, drone card 100 preferably contains no visibleinformation, except optionally the name of the user or group associatedwith the drone card. Optionally, a photograph 102 of the authorized useris provided on host 12 or drone card 100. Photograph 102 may be apermanent, static photograph of the authorized user or could be anelectronic display that temporarily displays an electronic photograph ofan authorized user. If an electronic photograph is used, the photographcorresponding with the user authorized by host 100 will be displayed.Accordingly, multiple photographs of users could be stored on host 10with the appropriate photograph being transferred to drone card 100 anddisplayed based upon the particular user that is authorized.

[0047] All information needed to perform a transaction with drone card100 is provided at readable identifier 130 when in an active state. Inthe active state, readable identifier 130 allows user to perform atransaction. At other times, readable identifier 130 will be disabledsuch that no transactions can be performed. A status indication light110 may be provided to indicate the state of readable identifier 130.For example, light 110 may be a green LED which is lighted when readableidentifier is active. For visually impaired persons, an audibleindicator could be provided to indicate changes in the state of readableidentifier 130.

[0048] Drone card 100 contains an interface 120 for receiving card datafrom host 10. As noted above, since there are numerous devices andtechniques for exchanging data, interface 120 could be implemented in avariety of ways, such as using electric contacts, infrared or lasercommunications. With respect to an electric contact interface, dronecard 100 contains electric contacts 122 capable of interfacing withelectric contacts 72 on host 10.

[0049] Referring now to FIG. 4, the internal construction of onepreferred embodiment of drone card 100 will be described. In this case,drone card 100 has an internal controller 140 in electricalcommunication with on-board memory 150, which is preferably a volatilememory. In this embodiment, drone card 100 has sufficient memory tostore card data in conjunction with a security code. A power source 160,preferably an ultra-thin battery as described above, provides electricalpower to controller 140 and memory 150. Power source 160 may berechargeable by receiving power from host 10 through galvanicconnection, induction or other suitable means.

[0050] As noted above, drone card 100 contains an interface 120 inelectrical communication with controller 140 that transfers card datareceived from host 10 for storage in memory 150. As mentionedpreviously, the art contains numerous techniques for transferring data,such as using electric contacts, laser communications and infraredcommunications.

[0051] Controller 140 generates a signal to activate readable identifier130 based upon card data received from host 10. Preferably, readableidentifier 130 will be in a form that is compatible with existingreaders such as conventional card reader 165 shown in FIG. 7. Forexample, readable identifier 130 could be a temporary magnetic stripe ora bar code display that is temporarily activated followingauthentication.

[0052] To generate a temporary magnetic stripe, the drone card mayinclude an electric matrix to create a magnetic signal corresponding tothe card account. For a discussion regarding the generation of atemporary magnetic signal using an electric matrix, see U.S. Pat. No.6,089,451 to Krause, incorporated herein by reference.

[0053] Alternatively, readable identifier 130 could be generated using amagnetic powder or other material housed within drone card 100. Host 10could change the physical position or configuration of the powder togenerate various readable identifiers. For example, the powder could beoriented to produce a temporary magnetic stripe that could be read by astandard card reader.

[0054] Alternatively, readable identifier 130 could be a LCD or othersuitable display for producing a bar code corresponding to the carddata. Based upon the card data, host 10 would transfer data sufficientto generate a corresponding bar code to drone card 100 for display onthe LCD. The bar code shown on readable identifier 130 will be differentfor each card account transferred to drone card 100.

[0055] Instead of using a magnetic card reader with this type of dronecard 100, a bar code reader could scan the drone card. For example, ifthe card account residing in the memory of the drone card was a creditcard, the bar code corresponding to the credit card would be displayedas the readable identifier. A bar code reader would read the readableidentifier and communicate with the necessary credit authorities tocharge the appropriate account.

[0056] As noted above, the state of status indicator light 110 indicateswhether the drone card is ready for use. When card data is initiallytransferred to drone card 100, status indicator light 110 may becomeilluminated. In such embodiments, status indicator light 110 willpreferably remain illuminated until the readable identifier becomesdisabled. Preferably, the readable identifier may become disabled either(1) upon completing a transaction or (2) upon passage of a certainperiod of time. In many embodiments, controller 140 may simply removethe power to the readable identifier in order to disable the readableidentifier.

[0057] Drone card 100 may contain a transaction sensor 170 that detectswhen a transaction with the drone card has been attempted. For example,if the drone card is configured to be scanned by a magnetic reader,transaction sensor 170 would detect scanning of the drone card by themagnetic reader. Once the drone card has been scanned, the readableidentifier preferably becomes disabled.

[0058] In another embodiment, drone card 100 may not contain an internalpower source. For example, drone card 100 could be configured having areadable identifier, such as a magnetic strip, which does not requirecontinuous power to remain readable. In such embodiments, host 10 wouldcontain an output circuit, such as a magnetic head, which would writecard account data to the magnetic strip. As drone card 100 is pulledfrom host 10, the magnetic head may write card account data to magneticstrip. A security code may also be written to drone card. A roller orgenerator within host 10 could be provided to synchronize writing ofdata onto drone card 100.

[0059] Referring now to FIG. 5, enroller 200 initializes host 10 withuser data and card data (and in some cases security codes). Enroller 200may be a free-standing device or a peripheral to a general-purposecomputer 300. In this latter case, enroller 200 communicates withcomputer 30 via an interface 230. As one skilled in the art willrecognize, interface 230 could be implemented using numerous techniques,such as a serial line, wireless communications, or any other suitabledata transfer technique.

[0060] General-purpose computer 300 contains software for gathering userdata, including collecting information necessary to authenticate theuser. General information about a user, such as name, address, socialsecurity number, et cetera, can be keyed into general purpose computer300. Enroller 200 contains an authentication sensor 210 for collectinginformation needed to authenticate the user. For example, if host 10contains a fingerprint sensor, enroller 200 would collect a fingerprintimage from the user. Enroller 200 could have a separate fingerprintsensor to perform this function or use the fingerprint sensor residingon host 10. Enroller 200 may also contain a sensor 240 for collectingcard data for each “card” to be stored on the host. Sensor 240 could bea standard transaction card reader.

[0061] An interface 220 transfers user data (and possibly securitycodes) to host 10. As previously noted, the art contains numerousdevices and techniques for transferring data. For example, enroller 200could communicate using the electrical contacts on the host.

[0062] FIGS. 10-12 illustrate another embodiment for an enroller 500. Inthis embodiment, enroller 500 may have a card-like portion 502 that maybe received in slot 14 of host 10. While it should be appreciated thatentire enroller 500 may have the thickness of card-like portion 502, theportion not received within host 10 may be thicker, such as for purposesof durability. Enroller 500 contains a user input device 506, such as akeypad, for entering an unlock code into host 10. Enroller 500 alsocontains an interface (not shown) to communicate with host 10. Enroller500 may interface with host 10 in a similar manner as drone card 100,such as using electrical contacts, laser communications, infraredcommunications or other communication means.

[0063] In this embodiment, a disabled host 10 and drone card 100 may beshipped to a user, along with enroller 500. In order to enable host 10,the user must obtain an unlock code from the issuer of host 10 and dronecard 100. Accordingly, the user will communicate with the issuer of host10 and drone card 100 to receive an unlock code. The user could obtainthe unlock code using the issuer's website, or merely calling the issuerusing a telephone. In order to obtain the unlock code, the user will berequired to answer a series of security questions to authenticate theuser. Once satisfied with the answers to the security questions, theissuer can issue the unlock code to the user. With enroller 500 receivedwithin host 10, the user will enter the unlock code into enroller 500,which will unlock host 10. It should be appreciated that a host 10 maybe matched to a particular enroller 500. Moreover, enroller 500 could bedesigned for a one time use to prevent a single enroller from being usedon multiple hosts.

[0064] With host 10 enabled, the user may proceed with the enrollmentprocess. For example, the user can setup an account using authenticationsensor 20 of host 10 and type in information for card accounts into userinput device 506 of enroller 100. Instructions for the enrollmentprocess could be shown on display 30 of host 10. Additionally, enroller100 could contain a digital camera means 508 for transferring a digitalphotograph of a user to host 10.

[0065] To use the host, the user must be validated using theauthentication sensor. If the authentication sensor is a fingerprintsensor, for example, the fingerprint of the user must be validated toaccess card accounts stored on the host. Once authenticated, the usercan display using the scroll button the identification of all cardaccounts stored on the host to which that user has access. Once theidentification of the desired card account is displayed, the user candisplay the card data in conjunction with a security code for theselected “card” using the display button. To upload the card data andsecurity code to the drone card, the user selects the enter button.

[0066] Once the host transfers the card data and security code to thedrone card, the status indicator light is illuminated (if the drone cardis powered and so equipped). To use the card for a transaction, the userremoves the card from the host so that the readable identifier isexposed to a reader. Once the readable identifier is exposed to areader, the readable identifier becomes preferably disabled and thestatus indicator light turns off. If a certain period of time passesbefore the readable identifier is exposed to a reader, the readableidentifier also becomes preferably disabled and the status indicatorlight turns off. The user then returns the drone card to the host untilneeded for another transaction. It will be appreciated that the displayallows the account number and security code to be seen so thattransactions can be approved by call-in when necessary, such as where(rarely) the vendor does not have a suitable card reader.

[0067]FIGS. 9A and 9B illustrate an alternative embodiment in which thefunctionality of the host and drone card, previously discussed, isintegrated into an encoded card 400. Encoded card 400 is preferablyapproximately the same thickness of a standard credit card.

[0068] Encoded card 400 preferably contains an integrally mountedauthentication sensor 410 for validating the identification of the user.Any suitable sensor capable of identifying the user, such as a biometricsensor, could be used.

[0069] Optionally, a photograph 402 of the authorized user is providedon encoded card 400. Photograph 402 may be a permanent, staticphotograph of the authorized user or could be an electronic display thattemporarily displays an electronic photograph of an authorized user. Ifan electronic photograph is used, the photograph corresponding with theauthorized user will be displayed. Accordingly, multiple photographs ofusers could be stored on encoded card 400 with the appropriatephotograph being displayed based upon the particular user that isauthorized.

[0070] Encoded card 400 includes a display 420 that allows a user toview information relating to various card accounts stored on encodedcard 400. A scroll button 430 mounted on encoded card 400 allows theuser to scroll through the names of the various card accounts stored onencoded card 400 to which the user has access. As the user scrollsthrough the names of the card accounts, each is shown on display 420.

[0071] Once the user determines a specific card account to be used, theenter button 440 is used to select the desired card account. As aresult, the readable identifier 480 (FIG. 9B) provides a signal, such asa temporary magnetic stripe or a bar code display that is temporarilyactivated following authentication, that allows completion of atransaction. Upon selecting the desired card account, an indicator light450 displays the state of the readable identifier. As discussedpreviously, the indicator light indicates whether the readableidentifier is enabled or disabled. Transaction sensor 490 may beprovided to detect when a transaction with the encoded card has beenattempted. Information regarding a particular card account can also beviewed on display 420 by selecting display button 470. In order toincrease battery life, solar cell 460 may be included to supply power toencoded card 400. A prism 462 or other suitable means may be provided toincrease light available for solar cell 460 as seen in FIG. 9C.

[0072] It can thus be seen that the present invention provides atransaction card system having novel properties. While preferredembodiments of the invention have been shown and described,modifications and variations may be made thereto by those of ordinaryskill in the art without departing from the spirit and scope of thepresent invention. In addition, it should be understood that aspects ofthe various embodiments may be interchanged both in whole or in part.Furthermore, those of ordinary skill in the art will appreciate that theforegoing description is by way of example only, and is not intended tobe limitative of the invention.

What is claimed is:
 1. A transaction card system, said systemcomprising: a memory configured to store account information regardingat least one transaction card; an output circuit configured to generatea readable identifier corresponding to a transaction card stored in saidmemory; a user input device configured to select a transaction cardstored in said memory; and a processor operatively coupled to saidmemory, output circuit and user input device, wherein said outputcircuit generates a readable identifier responsive to input receivedfrom said user input device.
 2. The system as recited in claim 1,further comprising a security input device operatively coupled to saidprocessor, wherein said security input device limits access to accountinformation stored in said memory based upon the input received by saidsecurity input device.
 3. The system as recited in claim 2, wherein saidsecurity input device is an authentication sensor.
 4. The system asrecited in claim 3, wherein said authentication sensor is a biometricsensor.
 5. The system as recited in claim 3, wherein a first user hasaccess to a first set of account information stored in said memory basedupon input received by said authentication sensor and a second user hasaccess to a second set of account information based upon input receivedby said authentication sensor.
 6. The system as recited in claim 5,wherein said authentication sensor is a fingerprint sensor.
 7. Thesystem as recited as claim 1, wherein said readable identifier generatedby said output circuit is a magnetic signal.
 8. The system as recited inclaim 1, wherein said readable identifier generated by said outputcircuit is a bar code.
 9. The system as recited in claim 1, wherein saidreadable identifier includes a security code.
 10. The system as recitedin claim 9, wherein said security code differs for each transaction. 11.The system as recited in claim 9, wherein said security codesequentially changes for each transaction.
 12. The system as recited inclaim 9, wherein said security code based upon an encryption algorithm.13. The system as recited in claim 1, further comprising a statusindicator operatively coupled to said processor, said status indicatorconfigured to switch between a disabled state and an enabled statewherein said status indicator becomes enabled when said output circuitgenerates a readable identifier.
 14. The system as recited in claim 13,wherein said status indicator becomes disabled upon being read by a cardreader.
 15. The system as recited in claim 13, wherein said statusindicator becomes disabled when a predetermined period of time elapsesafter said output circuit generates a readable identifier.
 16. Thesystem as recited in claim 13, wherein said status indicator is a lightthat is illuminated when said status indicator is enabled.
 17. Thesystem as recited in claim 13, wherein said status indicator is a lightthat illuminates a first color when said status indicator is enabled anda second color when said status indicator is disabled.
 18. The system asrecited in claim 13, wherein said status indicator provides a firstaudible sound when said status indicator is enabled and a second audiblesound when said status indicator is disabled.
 19. The system as recitedin claim 1, further comprising an interface operatively coupled to saidprocessor for downloading account information.
 20. The system as recitedin claim 1, further comprising a display operatively coupled to saidprocessor, said display showing account information stored in saidmemory responsive to said user input device.
 21. A transaction cardsystem, said system comprising: a drone card having a drone memory, adrone interface and an output circuit configured to generate a readableidentifier corresponding to account information stored in said dronememory; a host having a slot for receiving said drone card, said hosthaving: a host memory configured to store account information for atleast one transaction card, a host interface configured to communicatewith said drone interface to transfer account information to said dronecard, a biometric sensor; a processor operatively connected to said hostmemory, said host interface and said biometric sensor, wherein said hosttransfers account information to said drone memory when a user has beenverified via said biometric sensor.
 22. The system as recited in claim21, wherein said biometric sensor is a fingerprint sensor.
 23. Thesystem as recited in claim 21, wherein a first user has access to afirst set of account information stored in said host memory based uponinput received by said biometric sensor and a second user has access toa second set of account information based upon input received by saidbiometric sensor.
 24. The system as recited as claim 21, wherein saidreadable identifier generated by said output circuit of said drone cardis a magnetic signal.
 25. The system as recited in claim 21, whereinsaid readable identifier generated by said output circuit of said dronecard is a bar code.
 26. The system as recited in claim 21, wherein saidreadable identifier generated by said drone card includes a securitycode.
 27. The system as recited in claim 26, wherein said security codediffers for each transaction.
 28. The system as recited in claim 26,wherein said security code sequentially changes for each transaction.29. The system as recited in claim 26, wherein said security code isbased upon an encryption algorithm.
 30. The system as recited in claim21, wherein said drone card further comprises a status indicator, saidstatus indicator configured to switch between a disabled state and anenabled state wherein said status indicator becomes enabled when saidoutput circuit of said drone card generates a readable identifier. 31.The system as recited in claim 30, wherein said status indicator becomesdisabled when a predetermined period of time elapses after outputcircuit generates a readable identifier.
 32. The system as recited inclaim 30, wherein said status indicator is a light that is illuminatedwhen said status indicator is enabled.
 33. The system as recited inclaim 21, wherein said drone interface and said host interfacecommunicate using electrical contacts.
 34. The system as recited inclaim 21, wherein said drone interface and said host interfacecommunicate using wireless communications.
 35. The system as recited inclaim 21, wherein said drone interface and said host interfacecommunicate using laser communications.
 36. The system as recited inclaim 21, wherein said drone interface and said host interfacecommunication using infrared communications.
 37. The system as recitedin claim 21, wherein said drone card further comprises a display, saiddisplay showing a photograph of the user based upon biometricinformation received from the biometric sensor of said host.
 38. Thesystem as recited in claim 21, wherein said host includes a solar cellas a source of power.
 39. The system as recited in claim 38, furthercomprising a light amplifier operatively connected to said solar cell.40. The system as recited in claim 39, wherein said light amplifier isat least one prism overlying said solar cell.
 41. The system as recitedin claim 21, wherein said host includes anti-tampering means for erasingsaid host memory in the event that said host becomes damaged.
 42. Thesystem as recited in claim 21, wherein said drone card includesanti-tampering means for erasing said drone memory in the event thatsaid drone card becomes damaged.
 43. The system as recited in claim 21,wherein said drone card has approximately the same thickness as astandard credit card.
 44. The system as recited in claim 43, whereinsaid host has approximately three-times the thickness of a standardcredit card.
 45. The system as recited in claim 21, further comprisingan enroller having an interface for communicating with said host so asto store account information into said host memory.
 46. The system asrecited in claim 45, wherein said enroller has a card-like portionconfigured to be received within the slot of said host.
 47. The systemas recited in claim 46, wherein said host is configured to switchbetween a disabled state that prevents use of said host and an enabledstate that allows use of said host, said system further comprising anenroller with a user input device wherein said host switches to saidenabled state responsive to input received from said user input deviceof said enroller.
 48. The system as recited in claim 21, furthercomprising a user input device configured to select account informationfor a transaction card stored in said host memory.
 49. A transactioncard system, said system comprising: a drone card having a drone memory,a drone interface and means for generating a readable identifiercorresponding to account information stored in said drone memory; meansfor storing account information corresponding to at least onetransaction card; means for restricting access to said accountinformation based upon biometric data; and means operatively connectedto said drone interface for transferring account information for atransaction card selected by a user to said drone memory.
 50. A methodfor enrolling a transaction card system, said method comprising thesteps of: (a) sending a drone card and disabled host to a user; (b)receiving a communication from said user; (c) requiring said user toanswer at least one security question; and (d) upon satisfactorycompletion of step (c), providing said user with a security code whichwill enable said host.
 51. The method as recited in claim 50, whereinsaid communication of step (b) is a phone call.
 52. The method asrecited in claim 50, wherein said host is preprogrammed with accountinformation.
 53. The method as recited in claim 50, wherein an enrollerhaving a user input device is also sent in step (a).
 54. The method asrecited in claim 53, wherein said user enters said security code intosaid user input device of said enroller to enable said host.
 55. Themethod as recited in claim 54, wherein said enroller becomes disabledupon enabling said host.